rbac-lookup
rakkess
rbac-lookup | rakkess | |
---|---|---|
3 | 3 | |
838 | 1,257 | |
1.2% | - | |
3.7 | 0.0 | |
9 days ago | about 1 year ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
rbac-lookup
-
Is there a way to see exactly what permissions the built-in group "system:readonly" has?
try using a tool such as rbac-lookup to find roles attached to a principal name https://github.com/FairwindsOps/rbac-lookup
-
Kubernetes Hardening Tutorial Part 3: Authn, Authz, Logging & Auditing
RBAC Lookup is a CLI that allows you to easily find Kubernetes roles and cluster roles bound to any user, service account, or group name. It helps to provide visibility into Kubernetes auth.
-
Making Kubernetes Operations Easy with kubectl Plugins
rbac-lookup - Similar to the first plugin we mentioned, this plugin also helps with RBAC in your cluster. This can be used to perform reverse lookup of roles, giving you a list of roles that user, service account or group has assigned. For example, to find roles bound to service account named my-sa you use the following - kubectl rbac-lookup my-sa --kind serviceaccount --output wide.
rakkess
-
Getting started with kubectl plugins
Link to GitHub Repository
-
Most Useful kubectl Plugins
Install access-matrix plugin with krew :
-
Making Kubernetes Operations Easy with kubectl Plugins
rakkess - known as access-matrix in krew is plugin for showing and reviewing access to kubernetes resources. This can be very useful when designing RBAC roles - you can for example run kubectl access-matrix --as other-user --namespace some-ns to verify that user or service account has desired access rights in specified namespace.
What are some alternatives?
rbac-manager - A Kubernetes operator that simplifies the management of Role Bindings and Service Accounts.
kubectl-kubesec - Security risk analysis for Kubernetes resources
k9s - 🐶 Kubernetes CLI To Manage Your Clusters In Style!
kubectl-neat - Clean up Kubernetes yaml and json output to make it readable
kubectl-explore - A better kubectl explain with the fuzzy finder
kubectl-dig - Deep kubernetes visibility from the kubectl
ketall - Like `kubectl get all`, but get really all resources
kubelogin - kubectl plugin for Kubernetes OpenID Connect authentication (kubectl oidc-login)
kube-capacity - A simple CLI that provides an overview of the resource requests, limits, and utilization in a Kubernetes cluster
ksniff - Kubectl plugin to ease sniffing on kubernetes pods using tcpdump and wireshark